Correct,
removing it now.
/str0ke
George A. Theall wrote:
> I'm not sure the exploit as described in milw0rm 6592 works generally.
> Notice the affected file is "help/mini.php" and the arg to include()
> starts with "./help/"? When you call the script directly, the working
> directory will be something like "/var/www/html/x7chat/help"., which
> causes the directory traversal to fail on targets running, say, *nix
> since there's no directory named "help" under that.
>> The issue is exploitable under version 2.0.0, but it appears to have
> been fixed in response to rgod's earlier advisory :
>>http://archives.neohapsis.com/archives/bugtraq/2006-05/0028.html>> which leverages a very similar issue in 'help/index.php' to execute
> arbitrary code.
>> George